heysoundude
Part of the Furniture
Huh, I can't seem to find anything either
github.com
but i believe everything you might be looking to learn is contained here:
www.snbforums.com
IPSet_ASUS/README.md at master · Adamm00/IPSet_ASUS
Skynet - Advanced IP Blocking For ASUS Routers Using IPSet. - Adamm00/IPSet_ASUS
github.com
Skynet - Filter Validator v0.7 - Skynet Firewall Filter List IPv4 Integrity Validator
Filter Validator v0.7 A collaborative project between @Viktor Jaep and @SomeWhereOverTheRainBow! Filter Validator tests the IPv4 addresses (and IPv6 if present) on a given filter list that are to be used with the Skynet Firewall running on Asus-Merlin Firmware in order to block...
www.snbforums.com
Hi @Adamm rebuilding router after factory reset. Just installed diversion, then skynet but there are no entries in the blacklist ipsets - what am I missing
Code:
Router Model; RT-AX88U
Skynet Version; v7.3.6 (09/03/2023) (35af187c15ed5871393a3249262c8dbc)
iptables v1.4.15 - (eth0 @ 10.50.60.1)
ipset v7.6, protocol version: 7
IP Address; (wan ipv4) - (wan ipv6)
FW Version; 388.1_0 (Dec 3 2022) (4.1.51)
Install Dir; /tmp/mnt/Router/skynet (101.8G / 109.5G Space Available)
SWAP File; /tmp/mnt/Router/myswap.swp (2.0G)
0 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked!
Code:
Name: Skynet-Blacklist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 500000 comment
Size in memory: 96
References: 1
Number of entries: 0
Members:
Name: Skynet-BlockedRanges
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 200000 comment
Size in memory: 352
References: 1
Number of entries: 0
Members:
Adamm
Part of the Furniture
Have you tried to ban anything yet or use the ban malware feature? lol
I am confused. I had thought that when installed, Skynet blocked traffic derived via a default set of ipsets, e.g. firehol_level2.netset, firehol_level3.netset, etc. However nothing is being blocked at all, either inbound or outbound* and while
Code:
sh /jffs/scripts/firewall debug infoif I run
Code:
sh /jffs/scripts/firewall banmalware
Code:
[i] Downloading filter.list | [1s]
[i] Refreshing Whitelists | [3s]
[i] Consolidating Blacklist | [1s]
[*] List Content Error Detected - Stopping Banmalwareand looking at the log file I just see
Code:
Mar 12 00:29:01 Router Skynet: [#] 0 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [debug] [1s]
Mar 12 00:42:38 Router Skynet: [i] Skynet Up To Date - v7.3.6 (35af187c15ed5871393a3249262c8dbc)
Mar 12 00:47:28 Router Skynet: [#] 0 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [debug] [1s]
Mar 12 00:52:01 Router Skynet: [#] 0 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [banmalware] [5s]I have tried uninstalling, rebooting and re-installing - it makes no difference.
* As some devices are running bitorrent/transmission, I would expect to see some outbound blocks.
Adamm
Part of the Furniture
(AFAIK) I don't have a custom list, this is a clean install and should just be using default settings. Where can I locate what list is being used?
Viktor Jaep
Part of the Furniture
How about just reset the filter list to its default? Option 3 -> Reset Filter List?
You could find the name of your custom filter list you're using in the skynet.cfg, located under /mnt/<drivename>/skynet/skynet.cfg
Last edited:
commodoro
Occasional Visitor
Yes both
/tmp/skynet/lists and
/tmp/mnt/Router/skynet/lists
are empty
Default WAN DNS are DoT (strict) Cloudflare (IPv4 and IPv6)
Client DNS is routed through Unbound using Wireguard VPN (AzireVPN) DNS servers
Last edited:
commodoro
Occasional Visitor
ok, if /tmp/mnt/Router/skynet/lists is empty something went wrong when download the datasets present in the filter list, the reason of [*] List Content Error Detected - Stopping Banmalware
I had same issues when in WAN DNS used the router ip itself, now I use Quad9 and all works, I think with Cloudfire could work
if you are confortable to modify firewall script, you could remove the option -s silent mode, from the curl invocation to see the error
line 3463
from
Code:
awk -F/ '{print $0" -Oz "$NF}' /jffs/addons/shared-whitelists/shared-Skynet-whitelist | xargs "curl" -fsLZto
Code:
awk -F/ '{print $0" -Oz "$NF}' /jffs/addons/shared-whitelists/shared-Skynet-whitelist | xargs "curl" -fLZand launch
Code:
firewall banmalwareto see the error
Last edited:
Code:
[i] Downloading filter.list | [0s]
[i] Refreshing Whitelists | [4s]
[i] Consolidating Blacklist | Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
DL% UL% Dled Uled Xfers Live Qd Total Current Left Speed
-- -- 0 0 10 10 0 --:--:-- --:--:-- --:--:-- 0 curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
curl: (6) Could not resolve host: iplists.firehol.org
-- -- 0 0 10 0 0 --:--:-- --:--:-- --:--:-- 0
[0s]
[*] List Content Error Detected - Stopping Banmalwarecommodoro
Occasional Visitor
Adding the WAN DNS servers fixed it. I would have assumed that the DoT DNS servers would have been able to resolve, but apparently not. Many thanks
SomeWhereOverTheRainBow
Part of the Furniture
Adding the WAN DNS servers fixed it for me tooooo
This is why @RMerlin always says, "You need Wan DNS servers." 
Seriously though, You must have something in the WAN DNS1, and WAN DNS2; otherwise, the router will not be able to resolve anything on its own including any of the curl commands needed to update user scripts such as AMTM, Skynet, etc. Coincidental, it may even fail to resolve the necessary NTP server IP addresses from the NTP server addresses used for NTP services causing the routers built in clock to fail to sync. This would also cause DoT to fail.
Last edited:
View attachment 54465
I never had any problems, a least not that i know off. Everything was working fine, Skynet, diversion and NTP did work. But... Lesson learned
Similar threads
